Add additional environment variables #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Release | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| permissions: | |
| contents: write | |
| jobs: | |
| build-and-release: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.11' | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Build Docker image | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| load: true | |
| tags: | | |
| my-proof:${{ github.run_number }} | |
| my-proof:latest | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Clone and set up GSC | |
| run: | | |
| git clone https://github.com/gramineproject/gsc.git | |
| cd gsc | |
| python3 -m pip install --no-cache-dir 'docker>=7.1.0' 'jinja2>=3.1.4' 'tomli>=2.0.1' 'tomli-w>=1.0.0' 'pyyaml>=6.0.2' | |
| - name: Create signing key | |
| run: | | |
| echo "${{ secrets.SIGNING_KEY }}" > signing_key.pem | |
| chmod 600 signing_key.pem | |
| - name: Build GSC image | |
| run: | | |
| cd gsc | |
| ./gsc build my-proof ../my-proof.manifest.template -c ../config.yaml | |
| - name: Sign GSC image | |
| run: | | |
| cd gsc | |
| ./gsc sign-image my-proof ../signing_key.pem -c ../config.yaml | |
| - name: Export GSC image to file | |
| run: | | |
| docker save gsc-my-proof:latest | gzip > gsc-my-proof-${{ github.run_number }}.tar.gz | |
| - name: Generate verification data | |
| run: | | |
| cd gsc | |
| ./gsc info-image gsc-my-proof > ../sigstruct.txt | |
| - name: Upload image | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: gsc-my-proof-image | |
| path: gsc-my-proof-${{ github.run_number }}.tar.gz | |
| - name: Upload verification data | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: gsc-my-proof-sigstruct | |
| path: sigstruct.txt | |
| - name: Generate release body | |
| run: | | |
| echo "MRSIGNER: $(grep -oP 'mr_signer = "\K[^"]*' sigstruct.txt)" >> release_body.txt | |
| echo "MRENCLAVE: $(grep -oP 'mr_enclave = "\K[^"]*' sigstruct.txt)" >> release_body.txt | |
| echo "Image SHA256: $(sha256sum gsc-my-proof-${{ github.run_number }}.tar.gz | cut -d' ' -f1)" >> release_body.txt | |
| - name: Create Release and Upload Assets | |
| uses: softprops/action-gh-release@v1 | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| tag_name: v${{ github.run_number }} | |
| name: Release v${{ github.run_number }} | |
| body_path: release_body.txt | |
| draft: false | |
| prerelease: false | |
| files: | | |
| ./gsc-my-proof-${{ github.run_number }}.tar.gz | |
| ./sigstruct.txt | |
| - name: Cleanup signing key | |
| if: always() | |
| run: | | |
| rm -f signing_key.pem | |
| - name: Log build result | |
| if: always() | |
| run: | | |
| if [ ${{ job.status }} == "success" ]; then | |
| echo "Build and release completed successfully" | |
| else | |
| echo "Build and release failed" | |
| fi |